X-XSS-Protection header, prevent XSS attacks in IE and Chrome

The X-XSS-Protection header is used to activate the XSS filter built into IE and Chrome.

This is an additional security layer that blocks XSS attacks. Internet Explorer has implemented it since version 8.

You can read more about it on Microsoft’s IEBlog.

You can read this information about .

The best way to add this header is to add a few lines of code to the functions.php file of the WordPress theme in use. This file is located in wp-content/themes/THEME_NAME, where THEME_NAME is the name of the active theme. First, make a backup copy of the functions.php file. Then edit it and add the following code at the end:

    // Emit X-XSS-Protection when WordPress sends its response headers.
    add_action( 'send_headers', 'add_header_xxssprotection' );
    function add_header_xxssprotection() {
        header( 'X-XSS-Protection: 1; mode=block' );
    }

This code generates the following response header:

X-XSS-Protection: 1; mode=block

An alternative to enable the header on an Apache web server would be to add the following code to the .htaccess file:

    Header set X-XSS-Protection "1; mode=block"

If we want to add other security headers through the functions.php file, we can do it with a single function instead of adding each header in a separate function, although the behavior is similar. In the following example code, which should be placed at the end of the file, the X-Content-Type-Options, X-Frame-Options and X-XSS-Protection headers are added:

    // Emit all three security headers from a single send_headers callback.
    add_action( 'send_headers', 'add_header_security' );
    function add_header_security() {
        header( 'X-Content-Type-Options: nosniff' );
        header( 'X-Frame-Options: SAMEORIGIN' );
        header( 'X-XSS-Protection: 1; mode=block' );
    }
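
To check that the headers configured above actually reach the client, the following added example (not part of the original article) audits a raw response head against the three values used in this post. The function names and the sample responses are constructed for illustration.

```python
# Expected values are the ones used in this article's snippets.
EXPECTED = {
    "x-xss-protection": "1; mode=block",
    "x-content-type-options": "nosniff",
    "x-frame-options": "SAMEORIGIN",
}

def parse_headers(raw):
    """Return {lowercased name: [values]} from a raw HTTP response head."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:   # [1:] skips the status line
        if not line.strip():
            break                               # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def normalize(value):
    """Canonicalize spacing and case, so '1;mode=block' equals '1; mode=block'."""
    return "; ".join(p.strip().lower() for p in value.split(";") if p.strip())

def audit(raw):
    """Map each expected header to 'ok', 'missing', 'duplicate' or 'unexpected: <value>'."""
    headers = parse_headers(raw)
    report = {}
    for name, expected in EXPECTED.items():
        values = headers.get(name, [])
        if not values:
            report[name] = "missing"
        elif len(values) > 1:
            report[name] = "duplicate"   # header is being set in more than one place
        elif normalize(values[0]) != normalize(expected):
            report[name] = "unexpected: " + values[0]
        else:
            report[name] = "ok"
    return report

# Constructed sample responses (not captured from a real site).
SAMPLE_OK = """HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1;mode=block

<html>...</html>"""
SAMPLE_BAD = """HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
X-XSS-Protection: 0"""
```

To audit a live site, pass the text printed by `curl -sI` for one of its pages to `audit()`.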

Member of the Systems Administration team at and leader of the CiberProtector and CiberBox development team.
